How to determine if a user (integrated authentication) is part of a domain security group.

[Paul Wolpe]

I am trying to determine from an ASP.NET 1.1 page if a user is a member
of a Global Security group (Windows 2000). When I check
Page.User.IsInRole(@"DOMAINFOO\GroupBar") I always get false.

Inspecting the User object right after IsInRole has been called (in the
VS.NET 2003 debugger) I see that the m_roles string[] contains some
domain groups (like "Domain Users" and "Domain Admins." m_rolesTable is
undefined since I only have 11 items in my _roles array. None of the
security groups that I have defined (vs built in security groups)
appear in the m_roles array.

Is IsInRole the correct method to be using to check this sort of group
membership?

I have seen a lot of discussion on this topic but there doesn't seem to
be a consensus on how to solve this issue.
Any thoughts are greatly apreciated.

-Paul

 

[Joe Kaplan \(MVP - ADSI\)]

It should work to use IsInRole to get all your domain groups for a
WindowsPrincipal. Some things that might help:
- A reboot might be necessary to update your groups in your token
- Sometimes you need to use impersonation for the groups to get built
correctly (although that doesn't sound like the problem here)

Otherwise, I'm not sure what the problem is. Some kind of a trust issue is
possible, but that doesn't sound like it either.

Joe K.